Midphase Support Center

WordPress Security - Part 2: Maximum Security

1. Restrict Access (.htaccess)
   a. Installing a plugin to help rate limit login attempts is a step in the right direction.
   b. However, a .htaccess file limiting directory/file access is likely one of the best measures. An example snippet of code is shown here:

      <FilesMatch "wp-login\.php">
      # Deny by default, then allow only the listed address.
      # (With "Order Allow,Deny", the "Deny from all" line would also block the allowed address.)
      Order Deny,Allow
      Deny from all
      Allow from xx.xx.xx.xx
      </FilesMatch>

2. Do not look like a "new" WordPress installation
   a. Remove default posts, etc.
   b. Remove version information in default files. This is done in two places:
      i. The first is the meta generator tag in your template. That is found in wp-content/{name of your WordPress theme}/header.php.
      ii. The other element is in your RSS feed. Open up wp-includes/general-template.php and look around line 1858. Find:

          function the_generator( $type ) {
              echo apply_filters('the_generator', get_the_generator($type), $type) . "\n";
          }

      iii. Make sure a hash is applied next to the "echo" command so that it looks like this:

          function the_generator( $type ) {
              #echo apply_filters('the_generator', get_the_generator($type), $type) . "\n";
          }

   c. Remove "Powered by WordPress" footers.
   d. Remove install or upgrade files
      i. Be sure to delete /wp-admin/install.php and /wp-admin/upgrade.php after every WordPress installation or upgrade! You don't need them for day-to-day WordPress functionality.
   e. Change some of the miscellaneous default settings
      i. Go to Settings > Miscellaneous in your admin console and change the names of the wp-content/ directory and wp-comments-post.php.
      ii. Make sure to change the template URL within the template and wp-comments-post.php accordingly, to maintain the function of your site.

3. Disable custom HTML when possible
   a. If it's not necessary for the form and function of your site, disable it. You can add the following to your wp-config.php file:

      define( 'DISALLOW_UNFILTERED_HTML', true );

4. Hide Indexes or limit access
   a. In a .htaccess file, add (type the hyphen as a plain ASCII "-"):

      Options -Indexes

   b. Make sure PHP source code is never revealed:
      i. Your site's wp-includes/ directory is the most important one to block. Find the .htaccess file there and insert:

         RewriteRule ^(wp-includes)\/.*$ ./ [NC,R=301,L]

      ii. If there are or will be subdirectories of wp-includes/, insert the following code for each one in the same .htaccess configuration file:

         RewriteRule ^(wp-includes|subdirectory-name-here)\/.*$ ./ [NC,R=301,L]
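
To verify items 2 through 4 after an install or upgrade, the checklist can be scripted. The following is an added example, not part of the original article or any Midphase tooling; the function names wp_audit and make_sample_tree are hypothetical, and it assumes themes live under wp-content/ and that the settings sit in the document root's wp-config.php and .htaccess.

```shell
#!/usr/bin/env bash
# Added example: audit a WordPress document root against items 2-4 of the
# checklist. Prints one "FOUND:" line per gap; prints nothing when all pass.
wp_audit() {
  local root=$1 f
  # 2.d: install/upgrade scripts should be gone after every install or upgrade
  for f in wp-admin/install.php wp-admin/upgrade.php; do
    if [ -e "$root/$f" ]; then
      echo "FOUND: $f is still present"
    fi
  done
  # 2.b.i: a theme header.php should not emit a generator meta tag
  if grep -rqi --include=header.php 'name="generator"' "$root/wp-content" 2>/dev/null; then
    echo "FOUND: generator meta tag in a theme header.php"
  fi
  # 3: require an uncommented define( 'DISALLOW_UNFILTERED_HTML', true )
  if ! grep -Eqis "^[[:space:]]*define\([[:space:]]*'DISALLOW_UNFILTERED_HTML'[[:space:]]*,[[:space:]]*true[[:space:]]*\)" "$root/wp-config.php"; then
    echo "FOUND: DISALLOW_UNFILTERED_HTML is not set to true"
  fi
  # 4.a: "Options -Indexes" needs an ASCII hyphen; a pasted en dash does not count
  if ! grep -Eqs '^[[:space:]]*Options[[:space:]].*-Indexes' "$root/.htaccess"; then
    echo "FOUND: directory indexes are not disabled in .htaccess"
  fi
  return 0
}

# Constructed sample tree (not a real site) that fails four of the checks.
make_sample_tree() {
  local d; d=$(mktemp -d)
  mkdir -p "$d/wp-admin" "$d/wp-content/themes/example"
  : > "$d/wp-admin/install.php"
  echo '<meta name="generator" content="WordPress" />' > "$d/wp-content/themes/example/header.php"
  echo "# define( 'DISALLOW_UNFILTERED_HTML', true );" > "$d/wp-config.php"
  printf 'Options \342\200\223Indexes\n' > "$d/.htaccess"  # en dash, as copied from a web page
  echo "$d"
}

# Run with --demo to audit the constructed tree.
if [ "${1:-}" = "--demo" ]; then
  t=$(make_sample_tree); wp_audit "$t"; rm -rf "$t"
fi
```

Call wp_audit with the path to a real document root to check a live install; it only reads files and changes nothing.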
